01-12-2016 05:27 - edited 01-13-2016 00:24
Hi,
I'm trying to retrieve an oauth2 token based on an old oauth1 token and token secret.
As a response I receive the following message:
{"errors":[{"errorType":"invalid_grant","message":"Refresh token invalid or expired: <tokenoauth1>:<tokensecretoauth1> Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}
I've just retrieved the token and token secret; the values are not expired.
Code Sample:
HttpClient httpClient = new HttpClient();
// Build the OAuth 2.0 token endpoint URL.
string postUrl = "https://api.fitbit.com";
postUrl += "/oauth2";
postUrl += "/token";
string ClientId = "<oauth2clientid>";
string AppSecret = "<appsecret>";
// The OAuth 1.0a token and token secret, joined by ":", are sent as the refresh token.
var content = new FormUrlEncodedContent(new[]
{
    new KeyValuePair<string, string>("grant_type", "refresh_token"),
    new KeyValuePair<string, string>("refresh_token", "<token>:<tokensecret>")
});
// Base64Encode is a helper that is not shown in the post.
string clientIdConcatSecret = Base64Encode(ClientId + ":" + AppSecret);
httpClient.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Basic", clientIdConcatSecret);
// Send the form-encoded POST and read the response body.
Task<HttpResponseMessage> response = httpClient.PostAsync(postUrl, content);
Task<string> responseString = response.Result.Content.ReadAsStringAsync();
01-12-2016 15:05
Please do not paste large code blocks to the forum. Use a GitHub gist or link to a public repository.
We prefer to debug the actual HTTP request you're making to Fitbit, as it is much easier to identify issues. Please capture and share the HTTP request your application is making and the response from Fitbit. One tool to do this is Runscope Traffic Inspector. Be sure to obfuscate your access token when publicly sharing.

01-19-2016 06:31 - edited 01-19-2016 06:50
POST https://api.fitbit.com/oauth2/token HTTP/1.1
Authorization: Basic <Base64 encoded clientId:clientsecret>
Content-Type: application/x-www-form-urlencoded
Host: api.fitbit.com
Content-Length: 106

grant_type=refresh_token&refresh_token=<oauth1token>%3A<oaut1tokensecret>

and the response

HTTP/1.1 400 Bad Request
Server: cloudflare-nginx
Date: Tue, 19 Jan 2016 14:33:12 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-control: no-cache, private
Content-Language: en-EU
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
CF-RAY: 267340d7a15c238a-FRA
116
{"errors":[{"errorType":"invalid_grant","message":"Refresh token invalid or expired: <oauth1token>:<oauth1tokensecret>. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}
0

01-19-2016 13:22
That looks like a correct request, so I assume that your user access token and user access token secret are invalid.
Here's a successful test I just tried (underscores for redacting all but the first and last characters of sensitive values):
POST /oauth2/token HTTP/1.1
Authorization: Basic Ml9fX19MOjlfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19k
Content-Type: application/x-www-form-urlencoded
Host: api.fitbit.com
Connection: close
User-Agent: Paw/2.2.9 (Macintosh; OS X/10.11.2) GCDHTTPRequest
Content-Length: 106

grant_type=refresh_token&refresh_token=7______________________________a%3A3______________________________6

HTTP/1.1 200 OK
Server: cloudflare-nginx
Date: Tue, 19 Jan 2016 21:11:34 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cache-control: no-cache, private
Content-Language: en-US
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
CF-RAY: 26758866ab612870-SJC

{"access_token":"eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0NTMyNDE0OTQsInNjb3BlcyI6Indwcm8gd251dCB3c2V0IHdzbGUgd3dlaSB3YWN0IHdzb2MiLCJzdWIiOiIyX19fX0wiLCJhdWQiOiIyX19fX0wiLCJpc3MiOiJGaXRiaXQiLCJ0eXAiOiJhY2Nlc3NfdG9rZW4iLCJpYXQiOjE0NTMyMzc4OTR9.crqqZUpke74stpa-ItkqC8IVt85in3v3k7510jMjVn4","expires_in":3600,"refresh_token":"c______________________________________________________________d","scope":"profile sleep social activity settings weight nutrition","token_type":"Bearer","user_id":"26FWFL"}
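The redaction convention used in the reply above (underscores for all but the first and last characters of sensitive values), applied automatically to a captured token exchange before it is shared. This is an added example, not part of the thread and not Fitbit code; the function names, the rule list and the sample capture are assumptions constructed for illustration.

```python
import base64
import re

def mask(value):
    """Keep the first and last characters; replace the rest with underscores."""
    if len(value) <= 2:
        return "_" * len(value)
    return value[0] + "_" * (len(value) - 2) + value[-1]

def _mask_basic(m):
    # Decode "client_id:client_secret", mask each half, then re-encode it.
    try:
        decoded = base64.b64decode(m.group(2), validate=True).decode("utf-8")
    except ValueError:  # not valid base64/UTF-8: mask the raw value instead
        return m.group(1) + mask(m.group(2))
    masked = ":".join(mask(part) for part in decoded.split(":", 1))
    return m.group(1) + base64.b64encode(masked.encode()).decode()

def _mask_form_token(m):
    # The migration request sends "<oauth1 token>:<oauth1 secret>" with the
    # colon percent-encoded as %3A; mask the two halves separately.
    parts = re.split(r"(%3A|:)", m.group(2), maxsplit=1, flags=re.I)
    return m.group(1) + "".join(p if p.upper() in ("%3A", ":") else mask(p) for p in parts)

RULES = [
    (re.compile(r"(?im)^(Authorization:\s*Basic\s+)(\S+)"), _mask_basic),
    (re.compile(r"(?im)((?:^|&)refresh_token=)([^&\s]+)"), _mask_form_token),
    (re.compile(r'("(?:access_token|refresh_token)"\s*:\s*")([^"]+)'),
     lambda m: m.group(1) + mask(m.group(2))),
]

def redact_http_capture(text):
    """Return the capture with credentials masked; other lines are untouched."""
    for pattern, repl in RULES:
        text = pattern.sub(repl, text)
    return text

# Constructed sample capture; none of these values are real credentials.
SAMPLE = "\n".join([
    "POST /oauth2/token HTTP/1.1",
    "Authorization: Basic " + base64.b64encode(b"22ABCD:0123456789abcdef").decode(),
    "",
    "grant_type=refresh_token&refresh_token=tok3nvalue%3As3cr3tvalue",
    "",
    "HTTP/1.1 200 OK",
    "",
    '{"access_token":"hdr.payload.sig","refresh_token":"r3fr3shvalue"}',
])
```

Masking preserves each value's length and its first and last characters, so treat the output as obfuscated for sharing, not as anonymised.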

